
Building trust on the internet


Presentation Transcript


  1. Extending Attribute Protocols for Status Management and “Other Things”
  Building trust on the internet
  Patrick Richard, Xcert International

  2. Company Background
  • Size: 80+ employees
  • Incorporated: 1996 (Vancouver, BC)
  • HQ: Walnut Creek, CA
  • Funding: Private, backed by founder of RSA & Verisign
  • Key partners & customers:

  3. Extending Attribute Protocols for Status Management and “Other Things”
  • Agenda (40 minutes)
  • Conceptual History
  • Products in Action
  • Application Potential

  4. PKI Enables Risk Management
  • PKI provides a means to reduce the risk of business-to-business and business-to-consumer internet transactions
  • PKI enables institutions to define trust relationships that can be:
    • Published
    • Audited
    • Insured

  5. Digital Certificates Role in Risk Management Digital certificates are the ONLY technology to satisfy the requirements for secure transactions among trusted parties.

  6. Certificate Formats and Risk Management
  • Digital Certificates, as they are commonly used:
    • contain generalized end-entity information
    • this is used as part of the risk mitigation process
  • Examples: name, email address, where you work, etc.

  7. Certificate Attributes and Risk Management
  • The collection of information carried in a Certificate is the lowest common denominator for risk-managing transactions
    • Sometimes too little information
    • Sometimes too much
  • Normally no one cares who you are… they care about your ability to transact.

  8. What is important
  • Are the transaction-specific bindings between the participants and their relevant attributes
  • Example:
    • Joe Customer is the owner of the card
    • The card is still valid
    • The card has enough credit space for a transaction

  9. The key concept
  • PKI is really the practice of end-entity attribute assertion and management
  • i.e.:
    • CA asserts and distributes your name attribute
    • VA asserts and distributes your status attribute
    • AA asserts and distributes your credit attribute

  10. Attribute Management Protocols
  • A good, generalized and scalable attribute management protocol can be the basis for a highly efficient and effective PKI
  • Eliminates re-inventing the wheel, solves scalability problems
  • Relevant elements of the transaction are transmitted, nothing else

  11. Effective Attribute Management Protocol Characteristics
  • Ability to serve signed attributes
  • Ability to generate static collections of signed attributes
  • Ability to serve dynamic collections of signed attributes
  • Ability to deal with caching and freshness

  12. Real World Example: Certificate Status Management
  • Most OCSP implementations rely upon CRLs (i.e. they proxy CRLs)
  • Certificate Status is really just an attribute of the certificate being queried

  13. Status Management in an Attribute-driven model
  • Relating the current semantics against the model:
    • CRL: static collection of status attributes
    • Online query: signed response of status attribute
    • OCSP: standard protocol front-end on CRL/online query
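Slides 11 to 13 describe the protocol in the abstract: signed attributes, static and dynamic collections of them, and caching with freshness. The Go program below is an added example written for this page, not code from the talk or from Xcert's products. It models an attribute authority in the VA role of slide 9 that signs status attributes and serves them either for a single serial (the online query) or for every serial it knows (the CRL analogue), and a relying party that accepts an assertion only if the issuer is trusted, the signature verifies and the thisUpdate/nextUpdate window covers the current time, then caches each attribute until its nextUpdate. Ed25519 over a JSON payload stands in for X.509/ASN.1 signing; the type and function names (Authority, Assert, RelyingParty, Accept, Lookup), the issuer name and the serial numbers are assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// Attribute is one assertion about an end entity; Expires is set by the relying party, not signed.
type Attribute struct {
	Subject string    `json:"subject"` // here a certificate serial number
	Name    string    `json:"name"`    // e.g. "status"
	Value   string    `json:"value"`   // e.g. "good" or "revoked"
	Expires time.Time `json:"-"`
}

// Assertion is the signed unit: one attribute is an OCSP-like online response, many a CRL-like static collection.
type Assertion struct {
	Issuer     string      `json:"issuer"`
	ThisUpdate time.Time   `json:"this_update"`
	NextUpdate time.Time   `json:"next_update"` // freshness bound, as in a CRL or OCSP response
	Attrs      []Attribute `json:"attrs"`
}

// Authority is an attribute authority, here a VA with a constructed serial -> status table.
type Authority struct {
	Name   string
	Pub    ed25519.PublicKey
	Priv   ed25519.PrivateKey
	Status map[string]string
}

// Assert signs the status of the given serials and returns payload and signature. One serial
// is a dynamic online response; every serial the authority knows is the static collection.
func (a *Authority) Assert(now time.Time, ttl time.Duration, serials ...string) ([]byte, []byte, error) {
	var attrs []Attribute
	for _, s := range serials {
		v, ok := a.Status[s]
		if !ok {
			v = "unknown" // as in OCSP, for a serial the authority has no record of
		}
		attrs = append(attrs, Attribute{Subject: s, Name: "status", Value: v})
	}
	p, err := json.Marshal(Assertion{Issuer: a.Name, ThisUpdate: now, NextUpdate: now.Add(ttl), Attrs: attrs})
	if err != nil {
		return nil, nil, err
	}
	return p, ed25519.Sign(a.Priv, p), nil
}

// RelyingParty verifies assertions against trusted issuer keys and caches the attributes
// until NextUpdate, so a static collection fetched once answers later lookups offline.
type RelyingParty struct {
	Trusted map[string]ed25519.PublicKey
	Cache   map[string]Attribute
}

// Accept checks issuer trust, signature and validity window, then caches the attributes.
func (rp *RelyingParty) Accept(payload, sig []byte, now time.Time) (*Assertion, error) {
	var as Assertion
	if err := json.Unmarshal(payload, &as); err != nil {
		return nil, err
	}
	pub, ok := rp.Trusted[as.Issuer]
	if !ok || !ed25519.Verify(pub, payload, sig) {
		return nil, fmt.Errorf("issuer %q untrusted or signature invalid", as.Issuer)
	}
	if now.Before(as.ThisUpdate) || !now.Before(as.NextUpdate) {
		return nil, fmt.Errorf("assertion outside its validity window")
	}
	if rp.Cache == nil {
		rp.Cache = map[string]Attribute{}
	}
	for _, at := range as.Attrs {
		at.Expires = as.NextUpdate
		rp.Cache[at.Subject+"/"+at.Name] = at
	}
	return &as, nil
}

// Lookup answers from cache only while the cached attribute is still fresh.
func (rp *RelyingParty) Lookup(subject, name string, now time.Time) (Attribute, bool) {
	at, ok := rp.Cache[subject+"/"+name]
	if !ok || !now.Before(at.Expires) {
		return Attribute{}, false
	}
	return at, true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	va := &Authority{Name: "example-va", Pub: pub, Priv: priv, Status: map[string]string{"1001": "good", "1002": "revoked"}}
	rp := &RelyingParty{Trusted: map[string]ed25519.PublicKey{va.Name: pub}}
	p, sig, _ := va.Assert(time.Now(), time.Hour, "1001", "1002") // the static collection
	_, err := rp.Accept(p, sig, time.Now())
	at, fresh := rp.Lookup("1002", "status", time.Now())
	fmt.Println(err, at.Value, fresh) // <nil> revoked true
}
```

Because the whole collection and the single response share one signed structure, the relying party runs the same verification path whether it is online or working from a cached collection, which is the backwards-compatibility point of slide 14. A serial the authority has no record of is reported as "unknown" under the issuer's signature rather than left as an unsigned gap, and a cached attribute stops being served the moment its nextUpdate passes, so a stale collection cannot quietly outlive its freshness window.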

  14. Technical Benefits
  • A singular protocol and method for resolving identity and attribute bindings
  • Works online and off-line
  • Can be applied to multiple attributes, not just status
  • Is 100% backwards compatible
  • Provides infinite design flexibility

  15. Business Benefits
  • Most implementations hit a “Chinese Wall” when they attempt to scale
  • Only cost-effective way to scale
  • Customers with 100,000+ users on 1.x products (circa 1997), also powers public CAs
  • Provides business opportunities for Attribute Assertion Providers

  16. Current Real World Applications
  • Pseudo-anonymous certificates
  • High-assurance web transactions
  • Value-based dynamic assertions
  • Rollover and Revocation simplified
  • Single certificate, many models (i.e. GUC)

  17. PKI Elements

  18. Future Implications
  • Natural evolution is to index attribute databases from certificates
  • Truly Internet-wide certificates should ideally have minimized content
  • Businesses are arising that focus exclusively on attribute management

  19. Conclusion
  • A comprehensive attribute management system can provide the backbone for a global deployment of PKI
  • Common PKI problems can be easily resolved through the use of attribute management
  • Primary obstacles today are not technical, but rather philosophical
